VAR-200004-0053
Vulnerability from variot - Updated: 2024-05-14 22:59Buffer overflow in WebObjects.exe in the WebObjects Developer 4.5 package allows remote attackers to cause a denial of service via an HTTP request with long headers such as Accept. apple's WebObjects Exists in unspecified vulnerabilities.None. A denial-of-service vulnerability exists in Apple's WebObjects 4.5 Developer, a popular platform for developing web-based applications. The vulnerable version is Windows NT 4.0 SP5, when run in conjunction with the CGI-adapter and IIS 4.0. An HTTP request sent with a long header (ie, over 4.1K), will crash webobjects.exe. This may also permit the attacker to remotely execute code with the privilege of IIS, but this has not been verified. This vulnerability is reportedly present only in installations running under a development license. Those licensed for deployment are not affected
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200004-0053",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "webobjects",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "4.5"
},
{
"model": "webobjects",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": "4.5"
},
{
"model": "webobjects",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "webobjects developer nt4 iis4.0 cgi-adapter developer",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "4.5"
}
],
"sources": [
{
"db": "BID",
"id": "1896"
},
{
"db": "JVNDB",
"id": "JVNDB-2000-000138"
},
{
"db": "CNNVD",
"id": "CNNVD-200004-006"
},
{
"db": "NVD",
"id": "CVE-2000-0299"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:webobjects:4.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2000-0299"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Reported to Bugtraq by Bruce Potter \u003cgdead@fortnocs.com\u003e on Tue Apr 04 2000",
"sources": [
{
"db": "BID",
"id": "1896"
},
{
"db": "CNNVD",
"id": "CNNVD-200004-006"
}
],
"trust": 0.9
},
"cve": "CVE-2000-0299",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2000-0299",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-1878",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2000-0299",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200004-006",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-1878",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-1878"
},
{
"db": "JVNDB",
"id": "JVNDB-2000-000138"
},
{
"db": "CNNVD",
"id": "CNNVD-200004-006"
},
{
"db": "NVD",
"id": "CVE-2000-0299"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow in WebObjects.exe in the WebObjects Developer 4.5 package allows remote attackers to cause a denial of service via an HTTP request with long headers such as Accept. apple\u0027s WebObjects Exists in unspecified vulnerabilities.None. A denial-of-service vulnerability exists in Apple\u0027s WebObjects 4.5 Developer, a popular platform for developing web-based applications. The vulnerable version is Windows NT 4.0 SP5, when run in conjunction with the CGI-adapter and IIS 4.0. \nAn HTTP request sent with a long header (ie, over 4.1K), will crash webobjects.exe. This may also permit the attacker to remotely execute code with the privilege of IIS, but this has not been verified. \nThis vulnerability is reportedly present only in installations running under a development license. Those licensed for deployment are not affected",
"sources": [
{
"db": "NVD",
"id": "CVE-2000-0299"
},
{
"db": "JVNDB",
"id": "JVNDB-2000-000138"
},
{
"db": "BID",
"id": "1896"
},
{
"db": "VULHUB",
"id": "VHN-1878"
}
],
"trust": 1.98
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-1878",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-1878"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2000-0299",
"trust": 3.6
},
{
"db": "JVNDB",
"id": "JVNDB-2000-000138",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200004-006",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "20000404 WEBOBJECTS DOS",
"trust": 0.6
},
{
"db": "BID",
"id": "1896",
"trust": 0.4
},
{
"db": "SEEBUG",
"id": "SSVID-74260",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "20379",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-1878",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-1878"
},
{
"db": "BID",
"id": "1896"
},
{
"db": "JVNDB",
"id": "JVNDB-2000-000138"
},
{
"db": "CNNVD",
"id": "CNNVD-200004-006"
},
{
"db": "NVD",
"id": "CVE-2000-0299"
}
]
},
"id": "VAR-200004-0053",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-1878"
}
],
"trust": 0.01
},
"last_update_date": "2024-05-14T22:59:17.344000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "top page",
"trust": 0.8,
"url": "https://www.apple.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2000-000138"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "others (CWE-Other) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2000-000138"
},
{
"db": "NVD",
"id": "CVE-2000-0299"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-04/0020.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2000-0299"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-1878"
},
{
"db": "JVNDB",
"id": "JVNDB-2000-000138"
},
{
"db": "CNNVD",
"id": "CNNVD-200004-006"
},
{
"db": "NVD",
"id": "CVE-2000-0299"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-1878"
},
{
"db": "BID",
"id": "1896"
},
{
"db": "JVNDB",
"id": "JVNDB-2000-000138"
},
{
"db": "CNNVD",
"id": "CNNVD-200004-006"
},
{
"db": "NVD",
"id": "CVE-2000-0299"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2000-04-04T00:00:00",
"db": "VULHUB",
"id": "VHN-1878"
},
{
"date": "2000-04-04T00:00:00",
"db": "BID",
"id": "1896"
},
{
"date": "2024-05-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2000-000138"
},
{
"date": "2000-04-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200004-006"
},
{
"date": "2000-04-04T04:00:00",
"db": "NVD",
"id": "CVE-2000-0299"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-09-10T00:00:00",
"db": "VULHUB",
"id": "VHN-1878"
},
{
"date": "2009-07-11T03:56:00",
"db": "BID",
"id": "1896"
},
{
"date": "2024-05-13T02:45:00",
"db": "JVNDB",
"id": "JVNDB-2000-000138"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200004-006"
},
{
"date": "2008-09-10T19:04:02.710000",
"db": "NVD",
"id": "CVE-2000-0299"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200004-006"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WebObjects Remote Overflow Vulnerability",
"sources": [
{
"db": "BID",
"id": "1896"
},
{
"db": "CNNVD",
"id": "CNNVD-200004-006"
}
],
"trust": 0.9
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200004-006"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…